In something which couldn't have come at a worse time for us with 1.2 going in to beta next week, we're releasing MyBB 1.1.4 - a security update to the MyBB 1.x series. It fixes a moderate risk SQL injection vulnerability affecting MyBB 1.0 to MyBB 1.1.3.

We recommend all users upgrade their copy of MyBB to the latest available release.

Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.

I was only notified of this issue within the past hour and I am unaware of any widespread knowledge of it. It is a small fix for what is debatable as being something partly to blame on how PHP works and its treatment of 'true' and '1'.

Several forums have been exploited today, and by the looks of it, because of the lack of this patch. The consequences to your board of being exploited may be severe, including deletion of content. The MyBB Group urges all users to upgrade to the latest version as soon as possible.